October is Cybersecurity Awareness Month, a global campaign intended to help individuals, institutions and organizations stay safe and secure online. Colleagues from Digital and Technology Services (DTS) are dedicated to ensuring everyone has the resources to stay safe and secure online, and throughout October, we will continue to share our top-tips and best practice.

Cyber threats in Higher Education, and how we’re working to keep you safe

Higher Education institutions are often the targets of cyberattacks, given the wealth of personal and confidential information held, and the high-powered computing resources, high bandwidth networks and valuable research we maintain, all of which are valuable commodities to cyber criminals.

The safety of data and our infrastructure is a core priority for Digital and Technology Services (DTS) and the wider university. As cyber threats continue to evolve, the process of identifying these and taking appropriate steps to resolve and mitigate them is paramount.

Mark Hewitt, Head of Cyber Security here at UoN comments “We have extensive measures in place to assure the digital resilience of our organisation, including Multi-Factor Authentication (MFA, which helps prevent unauthorised access to university IT systems), a Virtual Private Network (VPN, which allows users to access university-restricted web resources and other services securely whilst off campus), and Intrusion Prevention systems and Firewalls to prevent external attacks, as well as continual security monitoring of our systems”

“Maintaining secure digital systems requires ongoing collaboration across the university, and here at UoN we continue to invest in the robust infrastructure needed to meet cybersecurity challenges. It is a shared responsibility, and we all play a crucial role in helping to maintain the security of the university in a digital world.”

DTS tips for staying safe and secure online

1. Use a Password Manager

Never write passwords or sensitive information down – instead, we encourage you to use a Password Manager. Dashlane, LastPass, and RoboForm Everywhere are all good options.

Password managers can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your accounts (rather than using the same password for all of them, which you should never do).

2. Enable MFA

Multi-Factor Authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. Here at UoN, we require all staff, students and associates use MFA – it is mandatory to approve access to a number of services, such as Microsoft 365, VPN, Virtual desktop and Remote desktop. We recommend that you also set up MFA for your personal email and social media accounts to help protect them from attack.

3. Know how to spot a Phishing email

Phishing is one of the most common tactics used by cyber criminals to obtain sensitive information. Phishing is when attackers deceive people into revealing sensitive information or clicking harmful links by posing as legitimate institutions. We’ll be sharing more on this in the coming weeks.

TOP TIP

Think you’ve received a Phishing email?

Ask yourself, does the ‘From’ address match the sender’s name? Is there a sense of urgency or threat? Is there a non-personal greeting (I.e Dear Customer)? Is it asking you to disclose personal or sensitive information? Are there spelling, formatting or grammatical mistakes? Hover over the hyperlinks – do they point to suspicious sites? Chances are, it could be a Phishing email.

To report a Phishing email, or a suspicious looking email, simply select the message/ messages in Outlook. Above the reading pane, select Home > Report Message to report the message sender. This will send a notification to our Security Operations team, which will allow us to put blocks in place.

Next week, we will be looking at Phishing and other common cyber-attacks in more detail.

4. If you are unsure, ask the experts.

If have any cybersecurity concerns, or be that strange USB devices plugged into publicly accessible computers, unexpected security warning when browsing to university websites, replies to message that you never sent, or other issues that you are not sure about, we have DTS have dedicated cybersecurity team who are here to ensure that we are all protected.